Gamified Cybersecurity Training

Your team's next breach is a game they haven't played yet.

ThreatTable turns incident response into structured, role-based tabletop exercises your security team will actually want to run. Realistic scenarios. Real pressure. No external facilitator required.

▶ Request Early Access See Scenarios →

RAN-001 Lockdown at Midnight · PHI-002 MFA Fatigue · INS-001 The Disgruntled Admin · REG-001 FDA Auditor Arrives Early · CLO-001 S3 Bucket Surprise · ADV-001 The Long Game · PHI-003 Deepfake Authorization · RAN-002 Double Extortion · SUP-001 The Trusted Update · REG-003 SOX Control Failure · RAN-001 Lockdown at Midnight · PHI-002 MFA Fatigue · INS-001 The Disgruntled Admin · REG-001 FDA Auditor Arrives Early · CLO-001 S3 Bucket Surprise · ADV-001 The Long Game ·

// HOW IT WORKS

A tabletop exercise in 5 acts.

Each scenario is a structured game session. Your team plays roles, responds to escalating injects, makes decisions with real consequences, and debriefs together afterward.

01 / BRIEF

The scenario drops.

Your team reads the brief. A realistic breach is in progress. You have limited information and less time. Roles are assigned. The clock starts.

02 / INJECTS

Things get worse.

Every 10-20 minutes, a new inject hits the table. The CEO calls. The press finds out. The backups are encrypted too. Your plan breaks — then you adapt.

03 / DECISIONS

Choose. With consequences.

Forced decision points with named outcomes. Pay the ransom or rebuild? Notify now or investigate first? There are no clean answers — only defensible ones.

04 / TWIST

One card changes everything.

At the 50% mark, the twist card flips. Your cyber insurance is voided. A board member calls the CEO directly. The patch made it worse. Now what?

05 / DEBRIEF

The score reveals the gaps.

100 points across detection, containment, communication, compliance, and recovery. The debrief questions are designed to make the real gaps uncomfortable to ignore.

// SCENARIO LIBRARY

Built from real incidents.

Every scenario is mapped to MITRE ATT&CK, tagged to regulatory frameworks, and designed to expose the gaps your IR plan doesn't cover.

RAN-001

ANALYST

Lockdown at Midnight

Ransomware hits your file servers at 11:58 PM on a Friday.

60 MIN RANSOMWARE 4-8 PLAYERS T1486

RAN-002

INCIDENT CMD

Double Extortion

They encrypted your data. They also took it. Now they want two paydays.

90 MIN RANSOMWARE HIPAA SOX

PHI-001

ANALYST

The CEO Needs This Now

Urgent wire transfer request. C-suite email. Completely fake.

30 MIN BEC SOX T1534

PHI-002

ANALYST

MFA Fatigue

100 push notifications. 3 AM. Someone approves one.

30 MIN PHISHING T1621

PHI-003

CISO

Deepfake Authorization

The voice on the call sounds exactly like your CFO. It isn't.

60 MIN SOCIAL ENG SOX

REG-001

ANALYST

FDA Auditor Arrives Early

They said next week. Their car is in the parking lot now.

60 MIN GxP 21 CFR 11 PHARMA

ADV-001

CISO

The Long Game

They've been in your network for 147 days. You just found out.

90 MIN APT SEC T1070

SUP-001

CISO

The Trusted Update

The software update was signed and verified. So was the malware inside it.

90 MIN SUPPLY CHAIN T1195

// MORE IN EARLY ACCESS

15 more scenarios at launch.
76+ planned across all categories.

// PLAYER ROLES

Everyone has a job. Everyone is accountable.

Role cards define each player's responsibilities and the questions they must answer. The Incident Commander runs the room. Legal owns the clock. Communications owns the narrative. No one gets to be a spectator.

Incident Commander IT / Security Lead Legal Counsel Executive Sponsor Compliance Officer Communications Lead Finance Lead HR Lead Forensics Lead Vendor Liaison

// EARLY ACCESS

Be first to run it with your team.

ThreatTable is in development. Early access teams get the full scenario library, role cards, and a facilitated first session with Jaime Pauline.

▶ Request Early Access

Or reach us at hello@gatedragon.com